Scam email spate hits university

Students at the University of Sussex have encountered a rise in the number of scam emails they receive. Sent under the guise of needing to update student loan accounts, these emails claim to have been sent by such groups as the Student Loans Company, Tesco Finance, Directgov and Student Loan Finance England.

“Dear Student”, read one such email received by the Badger, accompanied by a Directgov graphic, “your student loan account needs to be upgraded to match the details we hold on record for you. Failure to upgrade means you will encounter problems logging on to your profile next time. Thanks for your co-operation.”

Spam is notoriously difficult to block completely. However, whereas often it appears clearly signposted by its content – whether it be informing you of a foreign lottery win or offering discount Viagra – a student already worried about their finances could easily be taken in.This practice, in which scammers attempt to extract financial or otherwise sensitive information from people through the use of emails which assume the guise of trustworthy agencies, is known as phishing.

Andy Clews, Email Services Support Manager for the university said: “The only worrying aspect is if people respond to the emails and disclose personal or account information, and thus open the gates to their accounts being compromised.

“If everyone could learn to completely ignore and delete all such emails, there’d be no problem. What we can see at a glance is obvious spam may still look like a genuine email, and it’s very difficult technologically to make such a distinction.”

The university has recognized a spike in the usual steady stream of scam emails, but do not see any noticeable increase in sophistication. Students worried they may have received such an email are encouraged to report it to support@its.sussex.ac.uk.

Clews described the action the university takes to combat spam: “When a report is sent to us we block the reply address so that no further replies would get to the spammer, we block the sender’s address or any website address given in the email, we check to see if anyone has already sent an email reply and if so we disable their account by changing their password, so as to deny access to the spammer, if they attempt to login to that person’s account with their original password.

“When those folks come forward we tell them why we blocked their accounts, and give them a new password.”

Further information can be found on the University of Sussex website at http://www.sussex.ac.uk/its/helpdesk/faq1446. The FAQ stresses that the university will never ask for login information, and that any message that does request confidential information of this sort has fraudulent intent and should always be ignored.